Highly Critical Hole Found in IE - Slashdot

Slashdot is powered by your submissions, so send in your scoop

×

Highly Critical Hole Found in IE 336

Posted by CmdrTaco on Thursday March 23, 2006 @03:20PM from the must-be-thursday dept.

dotpavan writes "Eweek reports on a highly critical MS Internet Explorer hole found by Secunia Research's Andreas Sandblad. The vulnerability is due to the processing of the "createTextRange()" method call applied on a radio button control. From Secunia, "The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2." The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (January edition) though it could be avoided by turning off Active Scripting, as suggested by Microsoft Security Response Center blog. How would this put MS in the market, hit by the ever-growing shots of vulnerabilties? And would the divorce of IE7 from Vista's Windows Explorer help?"

This discussion has been archived. No new comments can be posted.

Highly Critical Hole Found in IE

Search 336 Comments Log In/Create an Account

Comments Filter:

Patch available (Score:5, Funny)

by thrillseeker ( 518224 ) writes: on Thursday March 23, 2006 @03:22PM (#14982380)

here [mozilla.com]

Share
twitter facebook
GAH (Score:1, Funny)

by Anonymous Coward writes: on Thursday March 23, 2006 @03:23PM (#14982394)

Please don't post stories like this until a patch or fix has been released! I always get paranoid after reading a story about another IE hole. If you wait until the fix is released, I'll have a blissful few days.

Share
twitter facebook
Highly Critical Hole Found in IE? (Score:5, Funny)

by Anonymous Coward writes: on Thursday March 23, 2006 @03:24PM (#14982403)

Must be thursday.

Share
twitter facebook
Perhaps it would save time... (Score:5, Funny)

by Threni ( 635302 ) writes: on Thursday March 23, 2006 @03:24PM (#14982406)

...if researchers just identified the bits that *weren't* totally insecure?

Share
twitter facebook
It is not a dupe! (Score:5, Funny)

by Life700MB ( 930032 ) writes: on Thursday March 23, 2006 @03:25PM (#14982410)

It's a brand new hole!

--
Superb hosting [tinyurl.com] 20GB Storage, 1_TB_ bandwidth, ssh, $7.95

Share
twitter facebook
Hole? (Score:2, Funny)

by jav1231 ( 539129 ) writes: on Thursday March 23, 2006 @03:25PM (#14982412)

Is it shaped like a woman's mouth? I mean, that's a highly critical hole.

Share
twitter facebook
Do what now? (Score:5, Funny)

by Rob T Firefly ( 844560 ) writes: on Thursday March 23, 2006 @03:27PM (#14982438) Homepage Journal

TFA: Microsoft plans to release a pre-patch advisory with workarounds for a "highly critical" vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers

So this article updates us to the fact that they plan to update us with an article prior to the update?

Share
twitter facebook
Re:Patch available (Score:3, Funny)

by babbling ( 952366 ) writes: on Thursday March 23, 2006 @03:28PM (#14982443)

That won't fix the problem completely. To complete the fix, iexplore.exe should be replaced with a program that runs firefox.exe instead.

Parent Share
twitter facebook
Could be worst... (Score:5, Funny)

by __aaclcg7560 ( 824291 ) writes: on Thursday March 23, 2006 @03:29PM (#14982457)

It could've been a very cynical hole in IE concerning when Windows Vista will finally be released.

Share
twitter facebook
Proof of concept (Score:5, Funny)

by Anonymous Coward writes: on Thursday March 23, 2006 @03:32PM (#14982471)

<input type="radio" action="crash">

Share
twitter facebook
Someone translate this for me: (Score:2, Funny)

by brouski ( 827510 ) writes: on Thursday March 23, 2006 @03:33PM (#14982480)

How would this put MS in the market, hit by the ever-growing shots of vulnerabilties?

Come again?

Share
twitter facebook
got it backwards (Score:3, Funny)

by gurutc ( 613652 ) writes: on Thursday March 23, 2006 @03:34PM (#14982487)

IE is the hole, into which are placed 'features' such as this exploit, tied to the feature called 'activex.' Remove these 'features' and all that is left is the nothingness that is a hole.

Share
twitter facebook
Use it for good not evil (Score:3, Funny)

by slashbob22 ( 918040 ) writes: on Thursday March 23, 2006 @03:34PM (#14982491)

createText("install firefox.exe");
createTextRange(-1);

And just let the exploit install firefox. It's just that easy.

Share
twitter facebook
mirror (Score:4, Funny)

by eclectro ( 227083 ) writes: on Thursday March 23, 2006 @03:38PM (#14982516)

here. [opera.com]

IE user, your house is on fire. Run for the hills! Go! Go!

Parent Share
twitter facebook
divorce (Score:2, Funny)

by Tachikoma ( 878191 ) writes: on Thursday March 23, 2006 @03:38PM (#14982518)

And would the divorce of IE7 from Vista's Windows Explorer help?
maybe, but i still recommend divorcing windows entirely. i've loved computers before (not sexually ... you perverts!) but not until my power book did one love me back...

Share
twitter facebook
Dupe! (Score:3, Funny)

by p0 ( 740290 ) writes: on Thursday March 23, 2006 @03:39PM (#14982522)

Dupe!

Share
twitter facebook
Re:Perhaps it would save time... (Score:2, Funny)

by Anonymous Coward writes: on Thursday March 23, 2006 @03:48PM (#14982593)

...if researchers just identified the bits that *weren't* totally insecure?

Come on, the RFC on this [faqs.org] is several years old!

Damn networking hardware monopoly is hampering progress!

Parent Share
twitter facebook
I am... (Score:4, Funny)

by PFI_Optix ( 936301 ) writes: on Thursday March 23, 2006 @03:54PM (#14982638) Journal

...Jack's complete lack of surprise.

Share
twitter facebook
Re:Highly Critical Hole Found in IE? (Score:4, Funny)

by lowe0 ( 136140 ) writes: on Thursday March 23, 2006 @03:54PM (#14982641) Homepage

I could never quite get the hang of Thursdays.

Parent Share
twitter facebook
Re:It's funny (Score:2, Funny)

by Anonymous Coward writes: on Thursday March 23, 2006 @04:01PM (#14982706)

A DDoS isn't a vulnerability any more than someone throwing a brick at your face.

Parent Share
twitter facebook
Safest browser ever available (Score:4, Funny)

by Otis2222222 ( 581406 ) writes: on Thursday March 23, 2006 @04:10PM (#14982800) Homepage

Here. [isc.org] Guaranteed not to be exploited by any javascript or plugin vulnerability. Or by any site that uses frames.

Parent Share
twitter facebook
The 1st IE7 worm after the 'divorce' from windows (Score:5, Funny)

by rubberbando ( 784342 ) writes: on Thursday March 23, 2006 @04:11PM (#14982809)

shall be named "alimony"!

Share
twitter facebook
Re:Proof of concept (Score:2, Funny)

by SB_SamuraiSam ( 962776 ) * writes: on Thursday March 23, 2006 @04:26PM (#14982921) Homepage

That's why it works on IE.

Parent Share
twitter facebook
Re:IE 7 in Vista would have been safe (Score:4, Funny)

by Tumbleweed ( 3706 ) * writes: on Thursday March 23, 2006 @04:28PM (#14982949)

This just goes to show that if you give MS enough time, they'll eventually be able to reinvent UNIX-like security. That's a relief.

Parent Share
twitter facebook
Comment removed (Score:4, Funny)

by account_deleted ( 4530225 ) writes: on Thursday March 23, 2006 @04:53PM (#14983191)

Comment removed based on user account deletion

Share
twitter facebook
Highly Critical (Score:3, Funny)

by gnovos ( 447128 ) writes: <gnovos@NOSPAm.chipped.net> on Thursday March 23, 2006 @04:55PM (#14983203) Homepage Journal

This hole will complain endlessly about your banal surfing habits and tell you taht are beginning to look a little fat. It's amazingly critical.

Share
twitter facebook
Re:Patch available (Score:1, Funny)

by Anonymous Coward writes: on Thursday March 23, 2006 @05:19PM (#14983445)

I found out that the directory explorer actually IS explorer and that Outlook requires IE as well or it just won't work.

They could have removed IE a long time ago but just decided NOT to.
1995 called; they want their news back.

Parent Share
twitter facebook
Re:Safest browser ever available (Score:5, Funny)

by phantomfive ( 622387 ) writes: on Thursday March 23, 2006 @05:21PM (#14983461) Journal

Lynx only seems safe because it has such a small marketshare. As soon as more people use it, hackers will target it more. You will see.

Parent Share
twitter facebook
misplaced trust (Score:3, Funny)

by Scrameustache ( 459504 ) * writes: on Thursday March 23, 2006 @05:29PM (#14983528) Homepage Journal

add *.windowsupdate.com and *.microsoft.com to your trusted sites.

You gullible, gullible fool : )

Parent Share
twitter facebook
Re:Patch available (Score:3, Funny)

by dusik ( 239139 ) writes: on Thursday March 23, 2006 @05:31PM (#14983546) Homepage

>> "Outlook requires IE as well or it just won't work."

That's because you're not done until you replace Outlook with Thunderbird ;)

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

413 commentsChatGPT Leans Liberal, Research Shows
347 commentsAmazon CEO Says 'It's Probably Not Going To Work Out' For Employees Who Defy Return-to-Office Policy
327 commentsHotel Owners Start To Write Off San Francisco as Business Nosedives
323 commentsChina is Building Nuclear Reactors Faster Than Any Other Country
315 commentsChina is Calling in Loans To Dozens of Countries

The last person that quit or was fired will be held responsible for everything that goes wrong -- until the next person quits or is fired.